Kyle Wagner

Hundreds of thousands of PCs are rented every year in the United States. And, it turns out, a huge chunk of them have absurdly invasive, incredibly dangerous spyware preinstalled—by the company that rents them.

Here are the main players: DesignerWare is a software company that provides a program called PC Rental Agent to rent-to-own computer stores. At issue is a feature of that program called "Detective Mode" that allows administrators to spy on keystrokes, and access basically every component of the computers, including the camera. It was installed and activated on every computer with PC Rental Agent—without disclosing it to the owner. Now, thankfully, DesignerWare and seven of the companies it supplied software to have agreed to settle with the FTC over multiple charges.

By the FTC's count, "as of August 2011, approximately 1,617 rent-to-own stores in the United States, Canada, and Australia have licensed PC Rental Agent. PC Rental Agent has been installed on approximately 420,000 computers worldwide." That's a lot of spyware. The FTC claims that, since at least 2007, DesignerWare has made Detective Mode available to every single one of them.

Advertisement

Sounds bad, right? Well it gets worse. According to the FTC, this is the next step for your gathered data:

Obviously, that represents a massive breach of privacy. And probably an illegal one. Keylogging tracks every single keystroke on your computer, so using software designed to pick out patterns, and especially with unencrypted data, anyone could just go through and find your credit card numbers and security codes, your email and passwords, your social security number, or anything else you've ever typed into your computer.

Nearly as disturbing as the granular level at which DesignerWare was spying on customers is the lengths its software went to fool people into thinking it was legitimate. For example, it used a "Software Instillation" popup box that was literally unclosable until a user entered contact information like phone number, home address, and email address, which was then transmitted back to the rental company. No software was ever installed—it was purely there to trick people into giving up their information. That level of subterfuge goes beyond even the "our customers are basically criminals, and we should be allowed to treat them as such" thesis of the tracking software.

And all that would would be terrible enough. But then, in Semptember of last year, DesignerWare took the spying even further and began automatically logging the Wi-Fi login points of every computer with a wireless card. It then cross-referenced that with the location of those hotspots, and logged the physical location of every computer. It's like the Locationgate scandal from last year—where cellphone companies were accused of tracking your every move by triangulating your signal—just decidedly on purpose, and just five months after the original iSpy mess happened.

On the surface, DesignerWare seems like maybe it's old news. There have been plenty of otherrepair-man pervs who have installed spyware to peep at naked people. But this isn't just some jerk with a script and a screwdriver. This is the institutionalization of software that allows companies to install software without their customers' knowledge that can peer directly into the deepest recesses of their online lives. And for a lot of us, that kind of local, not even account-bound knowledge of what we do on the internet is the worst fate of all.

Yes, SNL is typically about as fun as shoving a badger in your pants. But this Eli Manning sketch…
Read more Read more

So this case is important. If DesignerWare had been allowed to hold up its ostensible, flaccid argument about tracking down deadbeat renters, it would have been a farce. But the fact that it has been doing this for five years—DesignerWare had been in court as recently as May of last year—and is only just now being reigned in is still fairly nuts. So yes, this is a win for, well, sanity, but hopefully it's also a good precedent for fast tracking this kind of obvious digital exploitation through a court system that still doesn't totally understand it.